The General Distribution Release with fixes for .NET 3.5 SP1 is now available for download at This release contains fixes for two Windows Communication Foundation (WCF) issues

  1. The first issue involves a race when multiple clients send message headers of the same type to a service simultaneously. This was due to a TypedHeaderManager cache race, caused when two threads try to get the same typedheader type whose entry is still not cached. Because of the race, both threads get access to the resource and attempt to add the entry to the cache, resulting in an System.ArgumentException for the second add call.

System.ArgumentException: An item with the same key has already been added.

Exchange Web services ran into the above issue resulting in failed requests and this is now fixed in the GDR.

  1. The second fix provides users the ability to handle SecurityTokenValidationException in HTTP authentication processing. Before this fix, the SecurityTokenValidationException was funneled into a 403 (Forbidden) status code. This prevented custom UserNamePasswordValidator authors from returning a 401 (Unauthorized) status code when user credentials validation failed and instead were forced to return a 403. With this fix, they would be able to return a 401 HTTP status code as desired.